PerlMonks  

Re^3: PerlTaintCheck and configuration for secure paths

by shmem (Chancellor)
on Jun 22, 2006 at 17:51 UTC ( #556964=note )


in reply to Re^2: PerlTaintCheck and configuration for secure paths
in thread PerlTaintCheck and configuration for secure paths

If $thumbName was constructed with any variable whatsoever that is tainted and not sanitized, it becomes tainted as well.

In perlsec there is a snippet of code:

    sub is_tainted {
        return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 };
    }
--shmem

Replies are listed 'Best First'.
Re^4: PerlTaintCheck and configuration for secure paths
by geektron (Curate) on Jun 22, 2006 at 18:08 UTC
    the operative phrasing i missed: *not sanitized* ... after re-reading perlsec for the 3231244^34 time today, the "not sanitized" part kicked in.
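An added example, not part of either post above: a script to run as `perl -T taint_demo.pl`, showing both the propagation into $thumbName and the "not sanitized" condition, where only an allow-list regex capture clears the taint. The directory /var/www/thumbs, the sample file names, the helper clean_name and the use of $^X as a taint source are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added illustration; run with: perl -T taint_demo.pl
use strict;
use warnings;

# Helper from perlsec, as quoted in the thread: a string eval of tainted
# data dies under -T, and the outer eval block turns that into true/false.
sub is_tainted {
    return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 };
}

# Constructed taint source: $^X is tainted under -T, and a zero-length
# substr of it is an empty string that still carries the taint flag.
my $taint = substr($^X, 0, 0);

# Constructed stand-in for a user-supplied upload name.
my $upload = "holiday photo.JPG" . $taint;

# Anything built from tainted data is tainted as well.
my $thumbName = "/var/www/thumbs/thumb_" . $upload;   # hypothetical path
printf "upload tainted:    %s\n", is_tainted($upload)    ? "yes" : "no";
printf "thumbName tainted: %s\n", is_tainted($thumbName) ? "yes" : "no";

# Sanitizing means capturing with a regex. Only the captured group is
# untainted, so the pattern must be a strict allow-list, never /(.*)/.
sub clean_name {
    my ($name) = @_;
    return $1 if $name =~ /\A([A-Za-z0-9_-]{1,64}\.(?:jpe?g|png|gif))\z/i;
    return;    # reject rather than try to repair the input
}

# Constructed inputs: one acceptable name, one with a space, one traversal.
for my $raw (map { $_ . $taint }
             "holiday_photo.JPG", "holiday photo.JPG", "../../etc/passwd") {
    my $safe = clean_name($raw);
    if (defined $safe) {
        my $thumb = "/var/www/thumbs/thumb_" . $safe;
        printf "%-20s accepted, thumb path tainted: %s\n", $raw,
            is_tainted($thumb) ? "yes" : "no";
    }
    else {
        printf "%-20s rejected, still tainted: %s\n", $raw,
            is_tainted($raw) ? "yes" : "no";
    }
}
```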
